(Not So) Safe{Wallet}: GitHub Actions Risks Impacting Safe's Frontend
North Korea's Lazarus hacker group compromised the Safe wallet frontend and pulled off a 1.4 billion dollar heist. It could happen again, but this time through GitHub.| Adnan Khan
xxx Empowering Manufacturers to Innovate, Adapt, and Thrive in the Age of AI In 1913, Henry Ford forever changed the face of manufacturing. His introduction of the moving assembly line cut […] The post From Ford’s Assembly Line to AI: The Next Manufacturing Revolution appeared first on ERP Software Blog. Related posts:Automating business processes through an ERP 5 Quick Ways to Extend Microsoft Dynamics Business Central and CRM with Power Platform Warning Graphical Material: Where is My P...| ERP Software Blog
The newly discovered backdoor1 in the XZ Utils package2 affecting numerous Linux distributions3 and assigned CVE-2024-30944 is being dismissed by some members of the technology and security communities as yet another supply chain attack; relevant only because of how blatant it was and that it affected the Open Source ecosystem but in essence nothing out of the ordinary. Regardless of whether this perspective is gaining traction due to cynicism, as hyperbole for clicks or as a coping mechanism...| Jayson Salazar Rodriguez | @jdsalaro | Blog
North Korea's Lazarus hacker group compromised the Safe wallet frontend and pulled off a 1.4 billion dollar heist. It could happen again, but this time through GitHub.| Adnan Khan
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware’ that exploits GitHub Actions cache misconfigurations.| Adnan Khan's Blog
What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…| Adnan Khan's Blog
GitHub Actions caching has some insecure design decisions that allow for some unique attacks. It’s considered working as intended, but there are many ways it can go wrong. Learn how I identif…| Adnan Khan's Blog
Learn about how I used a custom tool to find a Google-owned repository vulnerable to GitHub Actions Poisoned Pipeline Execution Attack and earned a $7,500 bug bounty!| Adnan Khan's Blog
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a…| Adnan Khan's Blog
